#tor-meeting log

18:58:55 <GeKo> #startmeeting tor browser 11/12
18:58:55 <MeetBot> Meeting started Mon Nov 12 18:58:55 2018 UTC.  The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:58:55 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
18:58:55 <tjr> tbb meeting?
18:59:00 <GeKo> indeed!
18:59:06 <GeKo> hello all
18:59:08 <sysrqb> o/
18:59:14 <igt0> hi!
18:59:19 <GeKo> another week, another meeting
18:59:27 <GeKo> the pad is at https://storm.torproject.org/shared/tHoN4Ii7rLSjPE0OP4gydX4cMGadsXmRQNc-6lwru0N
18:59:29 <arthuredelstein> hi everyone!
18:59:36 <sisbell> hey
18:59:39 <boklm> hi!
18:59:40 <GeKo> please enter you items and mark items to talk about bold
19:00:17 <pili> hi
19:00:34 <antonela> o/
19:01:33 <pospeselr> hello!
19:01:39 <pospeselr> and congrats arthuredelstein :D
19:01:53 <GeKo> :)
19:01:55 <GeKo> indeed
19:02:17 <sysrqb> trader :)
19:02:28 <sysrqb> (just kidding!)
19:03:12 <GeKo> alright
19:03:12 <pili> :D
19:03:24 <GeKo> some folks are still typing but we should probably start
19:03:30 <GeKo> tjr: you are up
19:04:04 <tjr> cubeb audio remoting temp files
19:04:41 <GeKo> yeah, i had a hard time too, to fully grasp the reply but i can try a second time and do something about it
19:04:43 <tjr> I'm not sure if mcs or GeKo you got more out of that email than I did - I think we need to dig more into the thing and figure out when they're used, and if we want to do anything to avoid them
19:04:54 <GeKo> i agree
19:04:59 <tjr> Does that mean I can leave that with you GeKo?
19:05:04 <GeKo> yes
19:05:09 <tjr> great; thx
19:05:23 <mcs> agreed, sounds like we need to dig a little more
19:05:48 <tjr> As for the web extension process: i was worried that pref may disappear before Tor stops needing it. Do you expect to have the two extensions integrated into the browser by the next esr?
19:05:57 <tjr> Or should i make sure those prefs don't disappear?
19:06:16 <GeKo> what do you mean by integrated?
19:07:09 <GeKo> i am not sure yet whether we want to bake in noscript as, say, as systems extension
19:07:27 <tjr> Right; but noscript can function as a web extension. launcher/button can't
19:07:33 <GeKo> yep
19:07:45 <tjr> Is the plan is just to move button/launcher extensions into the source tree; or to integrate them into the browser as not-an-extension?
19:08:30 <GeKo> torbutton should vanish as an extension until we get to the next esr
19:09:03 <GeKo> then the question is whether the browser/web extension communication would hit the same issue
19:09:15 <GeKo> which i don't know the answer to
19:10:09 <tjr> Hm. okay. Well, I'll start an email discussion and just probe if these prefs are being considered for removal to be safe
19:10:36 <GeKo> i hope treating torbutton that way solves this issue, though
19:10:41 <GeKo> sounds good, thanks
19:11:06 <GeKo> tjr: re switching to the clang toolchain.
19:11:06 * tjr is fin
19:11:11 <tjr> ah, yea?
19:11:25 <GeKo> i think i'd like to have that after we have the accessibility thing in our alphas
19:11:35 <tjr> sure
19:11:51 <GeKo> i mean we need a pretty new mingw-w64 revision anyway for that
19:12:22 <GeKo> and i think getting that feature out before starting to seriously change our toolchains
19:12:34 <GeKo> is a good thing for our users
19:12:53 <GeKo> go ahead if you want to work on it :)
19:13:07 <GeKo> otherwise we'll probably pick that up in dec or so as planned
19:13:19 <tjr> Sure. My main concern/hope is getting the kinks ironed out before mid/late january while I can help
19:13:19 <GeKo> (or we work together on it. whatever works for you)
19:13:28 <GeKo> sounds doable
19:13:35 * GeKo famous last words
19:14:04 <GeKo> pospeselr: you are up
19:14:25 <pospeselr> hey hello
19:15:09 <pospeselr> I've made a few updates to the #3600 doc, trying to rectify all the conflicting issues associated with redirects and cookies and what-not
19:16:21 <tjr> I'm planning on reading the last mix and match section through carefully. But it might not be until later this week.
19:16:29 <boklm> the storm links tells me "You do not have permission to access this grain"
19:16:43 <GeKo> i try to find some time as well to  give it a second look and think more about the problem
19:16:43 <pospeselr> anyway nothing in particular to discuss at the moment, going to be focusing this week on the work that needs to happen regardless of which combo of solution we converge on
19:17:04 <pospeselr> boklm: one sec
19:17:13 <GeKo> i guess it should be https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI0fiL
19:17:15 <pospeselr> https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI0fiL
19:17:20 <boklm> thanks
19:17:24 <GeKo> seems so :)
19:17:39 <pospeselr> grabbed the wrong link from my notes :p
19:17:53 <pospeselr> anyway, that is all
19:18:01 <GeKo> thanks
19:18:04 <GeKo> sisbell: hey!
19:18:27 <sisbell> hey
19:18:53 <GeKo> so, i worry we might fall behind our plan to get TBA-a2 out next week
19:19:09 <GeKo> which is why i tried to help with #27443
19:19:41 <GeKo> my current plan is to figure out what changed in rust 1.28 to make the problem go away and hopefully just backport a tiny patch :)
19:19:43 <sisbell> I can timebox the 1/26/1.28 investigation
19:20:06 <sisbell> And then say tomorrow, if no solution, maybe go with 1.28 for now?
19:20:26 <sisbell> Then we would have time to do testing for the release
19:20:42 <GeKo> so 1.27.2 is still broken
19:20:59 <GeKo> and i know that the nightly on 06/01 is working
19:21:23 <GeKo> my plan would be that you work on the orbot build integration into tor-browser-build
19:21:41 <GeKo> while i continue the investigation for #27443 so that we save some time
19:21:55 <GeKo> i think i can figure our the issue tomorrow or on wed
19:22:08 <sisbell> GeKo: Sure, I'll start back up on orbot then + the makefile
19:22:25 <GeKo> so, it should give us plenty of time to prepare all the patches to have our stuff for building ready this week
19:22:40 <GeKo> sounds good, please coordinate with sysrqb for the build process
19:22:46 <sisbell> When does code complete need to be done, leaving time for testing?
19:23:30 <GeKo> what do you mean?
19:24:00 <sisbell> I assume there's a block of time before release that we need for testing
19:24:26 <sisbell> of the apk
19:24:46 <GeKo> yes
19:25:13 <GeKo> ideally we only need to worry about features to get in next week and test our toolchain as good as we can
19:25:22 <GeKo> but all the toolchain work landed by then
19:25:43 <sisbell> Ok, that makes sense.
19:25:53 <GeKo> great, thanks
19:26:08 <GeKo> pili: i think it's your turn
19:26:37 <pili> hi, just a reminder that we have the release meeting this week on Wednesday at 18:00 UTC
19:26:57 <GeKo> 19:00
19:27:21 <GeKo> or otherwise i can't make it (again :) )
19:27:38 * GeKo pili got stuck in CEST
19:27:42 <pili> oops, I keep getting that one wrong, I need to update my calendar :D
19:27:46 <pili> (sorry :) )
19:28:05 <GeKo> we caught it earlier this time :)
19:28:48 <pili> that's all!
19:28:56 <GeKo> okay.
19:29:10 <GeKo> arthuredelstein: do you have an update?
19:29:27 <GeKo> (i know this questions starts to sound weird, but still ;p )
19:29:59 <arthuredelstein> GeKo: Is it not visible on the document?
19:30:17 <GeKo> hm. let me reload
19:30:19 * antonela cannot bold
19:30:21 <arthuredelstein> maybe it didn't sync
19:30:34 <sysrqb> nope, not showing here, too
19:31:00 <arthuredelstein> just a sec, I will try pasting it again
19:31:14 <GeKo> antonela: hey, do we plan aUX sync this week for the security controls?
19:31:20 <GeKo> *a UX
19:31:29 <antonela> yes, we should
19:31:37 <antonela> the release metting is at the same hour
19:31:56 <antonela> do you want to take over it? or having another meeting?
19:32:09 <arthuredelstein> I pasted it again, is it visible?
19:32:14 <arthuredelstein> right above nov 5
19:32:14 <GeKo> pili: ^
19:32:26 <GeKo> arthuredelstein: now i see it, thanks
19:32:26 <pili> we could share, I don't mind :)
19:33:29 <antonela> wow i lost my update after reload for arthur :/
19:33:37 <GeKo> arthuredelstein: so, do you have determined when your last day working on code will be?
19:33:46 <GeKo> i mean as part of the tor browser team?
19:34:06 <GeKo> i am just wondering about the thing you want to do until then
19:34:09 <GeKo> *things
19:34:48 <arthuredelstein> GeKo: Last official day would be Nov. 21
19:34:56 <GeKo> or are those the items you listed on the pad
19:34:58 <GeKo> ok
19:36:31 <arthuredelstein> Let me know if there are any things it would be useful for me to do between now and then
19:37:11 <GeKo> i think getting the permissions patch working and upstreamed sounds useful
19:37:29 <GeKo> i wonder about upstreaming #22343 as well
19:37:42 <GeKo> maybe that could be something for ethan's team, though
19:37:44 <arthuredelstein> I will still be around for discussions indefinitely to help with handing things off
19:37:57 <arthuredelstein> yes, I can at least get that started
19:38:03 <GeKo> indefinitely? sounds good! :)
19:38:09 <antonela> (:
19:38:18 <arthuredelstein> assuming I am immortal :)
19:38:25 <pospeselr> hah
19:38:35 <sysrqb> reasonable assumption
19:38:56 <GeKo> arthuredelstein: could you add the items you think you need/should hand off to the discussion item on restructuring the team?
19:39:09 <GeKo> (while we finish our status updates)
19:39:26 <arthuredelstein> sure!
19:39:44 <GeKo> antonela: okay, i think you are up
19:39:59 <antonela> thanks
19:40:08 <antonela> tor browser icon survey ended and I updated the ticket with the winner! I also made a different version for each channel release
19:40:20 <antonela> which are the plans? wait for 8.5? release on next release?
19:41:28 <GeKo> hm.
19:41:53 <GeKo> i am not sure about what is needed for having different icons for different series
19:41:58 <antonela> i played with iconutil and i have an .icns for mac os. I'll have assets for tba as well, both app and playstore. I need to read more about Windows and Linux.
19:42:06 <GeKo> so far we only had one icon for everything.
19:42:16 <GeKo> thus, this might need some time for investigation
19:43:13 <GeKo> antonela: how about you finish the assets while we figure out what we need on our side for icons on three different series?
19:43:17 <pili> can we get some help from firefox folks on this tjr?
19:43:32 <sysrqb> mozilla user different branding directories for each, i tihnk we'd need some changes for supporting this
19:43:36 <pili> I assume this is something that is done for firefox also
19:43:37 <sysrqb> err, *use
19:43:42 <pili> aah
19:43:46 <GeKo> yeah
19:43:54 <pili> thanks for clarifying :)
19:44:08 <antonela> GeKo: sounds like a plan - let
19:44:09 <GeKo> who wants to grab that investigation and run with it?
19:44:15 <tjr> I dont know anything, but if you can write up what you need I can ask around?
19:44:16 <antonela> let's do it
19:44:45 <pili> tjr: it's ok, I think the team here knows how that could work :)
19:45:35 <GeKo> mcs: could brade and you put that on your list?
19:46:00 <GeKo> i think all the other folks might be busy with wrap up or tba release
19:46:09 <GeKo> or fixing test suites
19:46:46 <GeKo> pospeselr: or you if you want to have some distraction :)
19:46:52 <mcs> GeKo: We can take a look. Do we need to work on it now or soon or ?
19:46:53 <pospeselr> yeah sounds like a nice divergence
19:47:19 <antonela> pospeselr :D
19:47:20 <GeKo> mcs: nowish would be good but let richard take it
19:47:27 <GeKo> pospeselr: thanks
19:47:31 <mcs> OK; thanks!
19:47:32 <pospeselr> :D
19:47:39 <GeKo> okay, long status updates
19:47:46 <GeKo> anything more for today in that regard?
19:48:14 <GeKo> discussion time then i think
19:48:21 <GeKo> so, two announcements first
19:48:58 <GeKo> 1) it's time for ou bi-annual 1:1s again, so just to give everyone a heads-up and that everyone can start think about it
19:49:09 <GeKo> i'll reach out to folks individually
19:49:26 <GeKo> (arthuredelstein: to you as well :) )
19:49:53 <GeKo> 2) we need to restructure who is doing what now that arthur is leaving
19:50:06 <GeKo> we should all think about those items arthur started to list
19:50:24 <GeKo> we probably need to drop some and others need to get picked up by other folks
19:50:37 <GeKo> we should make a decision about it next week
19:50:49 <GeKo> to have some smooth transition
19:51:22 <mcs> Kathy and I can take the lead on the annual rebase unless someone else wants it.
19:51:29 <GeKo> arthuredelstein: the uplift/mozilla coordination is missing from the things we need to take over
19:51:35 <arthuredelstein> yes, I just added that
19:51:36 <GeKo> right?
19:51:43 <GeKo> hah, thanks
19:51:50 <GeKo> mcs: noted
19:52:05 <GeKo> alright
19:52:16 <arthuredelstein> I'm hoping to continue to attend those meetings, but good to have someone actually from Tor Browser team there.
19:52:22 <GeKo> pili: it's you again if you want about the snap store idea
19:52:41 <pili> hi, yes, not sure if everyone saw irl's email about the snap store
19:52:51 <irl> hello
19:52:56 <pili> hi :)
19:53:01 <GeKo> arthuredelstein: yeah. i think it's too important for tor/moz coordination. so we should make sure someone from tor is showing up
19:53:22 <irl> i can talk about the snap store if that is useful
19:53:22 <arthuredelstein> definitely
19:53:37 <pili> I was wondering what people here thought about it and what we can do to help out
19:53:41 <GeKo> irl: so, how is the tor browser snap created right now?
19:53:50 <pili> irl: yup might be useful to give some context
19:54:14 <irl> currently we use a modified torbrowser-launcher
19:54:29 <irl> we ship the tarball inside the snap and then when a user runs it it is extracted into their home directory on first run
19:54:36 <irl> subsequent runs just launch from the home directory
19:54:49 <irl> we use tor browser's updater to make the updates go over tor
19:55:09 <GeKo> so, this takes the builds as we distribute them?
19:55:13 <irl> yeah
19:55:47 <boklm> do snaps provide an update mechanism?
19:55:55 <sysrqb> it would be nice if we could help micah with torbrowser-launcher
19:55:56 <irl> they do
19:56:00 <sysrqb> but we're already overloaded, it seems
19:56:42 <irl> i was at canonical's offices last week and they are keen for us to get this snap into the store
19:56:47 <irl> so they can provide us with help
19:56:58 <irl> in particular, they offered to test the snap before we publish it
19:57:07 <irl> just using it to browse around and click things
19:57:23 <sysrqb> i'm worried about your comment that torbrowser-lancher spends a significant amount of time broken (in some way)
19:57:28 <irl> right
19:57:38 <irl> this is because it is broken in ubuntu's universe archive
19:57:46 <irl> while the github releases are all working nicely
19:57:51 <irl> and ubuntu ships a broken thing for 6 months
19:58:00 <sysrqb> ah!
19:58:04 <pospeselr> is that on us for not providing timely updates?
19:58:15 <irl> nope, it's on the ubuntu packaging maintainer
19:58:19 <irl> (hint: there isn't one)
19:58:19 <pospeselr> or is it a side effect of the ubuntu apt-get release cycle?
19:58:23 <boklm> do you know if the firefox snap (if it exists) is using the firefox internal updater, or using snap to update itself?
19:58:37 <irl> there is a firefox snap and the tor browser snap is based on this
19:58:44 <irl> i don't know if it's using its internal updater or not
19:58:51 <irl> i would guess not as it's system-wide installation
19:59:09 <irl> i didn't want to spend the time hacking tor browser into something that can be installed system wide
19:59:31 <boklm> ah, yes
19:59:35 <GeKo> but that would be near to have :)
19:59:41 <GeKo> *neat
19:59:55 <irl> if tor browser team make a system wide installable tor browser, i'll make a snap for it
19:59:56 <mcs> what is the advantage to us using the browser updater vs. relying on the snap update mechanism?  quicker updates?
20:00:05 <irl> mcs: easier packaging
20:00:30 <irl> if we use the snap mechanism then we have to modify torbrowser-launcher to also update the already installed tor browser
20:01:24 <boklm> so having a system installable tor browser would avoid the need to use torbrowser-launcher
20:01:34 <irl> yeah, it would look more like the firefox snap then
20:01:45 <irl> but if we had this then we'd already have torbrowser debian packages
20:02:11 <irl> this is the main debian policy blocker
20:02:20 <sysrqb> is that advantage of torbrowser-launcherover tor-browser that torbrowser-launcher comes with additional hardeneing?
20:02:26 <irl> no
20:02:32 <irl> we actually have to disable this for the snap store
20:02:44 <irl> snaps provide their own "confinement" but it's for the whole snap
20:03:01 <irl> we can't use it to isolate the different parts of tor browser as the apparmor policies in the launcher do
20:03:22 <irl> i have discussed this with canonical people, and it looks like it could go on the roadmap, but not in the near future
20:04:21 <irl> i think the main benefits of the snap are ease of installation and that we're in control of the update cycle
20:04:27 <GeKo> i wonder whether we should think harder about our linux mess
20:04:42 <GeKo> like: what do we want?
20:04:51 <GeKo> what can and should we support?
20:05:10 <irl> i did discuss briefly in mexico that we should really have a packaging/software distribution person
20:05:14 <GeKo> with my tor browser hat on  i am happy the way mozilla daies this
20:05:20 <GeKo> *does
20:05:30 <irl> what does mozilla do?
20:05:30 <GeKo> they provide the source code and ship bundles
20:05:42 <irl> what is a bundle?
20:05:52 <GeKo> but the distros pick this up and provide firefox as they see fit
20:06:00 <GeKo> a .tar.xz file
20:06:17 <GeKo> and the distros have good coordination with upstream
20:06:26 <irl> a firefox release manager was my mentor for joining the debian project
20:06:32 <GeKo> yeah
20:06:38 <irl> they are not relying on solely distros picking it up
20:06:46 <GeKo> glandium is working for mozilla as well
20:06:49 <GeKo> sure
20:07:00 <GeKo> but the point is
20:07:18 <GeKo> they don't provide linux firefox release for all the distros themselves
20:07:31 <GeKo> and we as the tor browser team should not do this either i think
20:07:46 <irl> ah right, i don't think the tor browser team should do this
20:07:57 <irl> i think we should have a packaging person
20:08:16 <sysrqb> es sense :/
20:08:16 <sysrqb> ~.
20:08:17 <GeKo> that might be a good thing, yes
20:08:34 <GeKo> so, we should look at that as part of the application team
20:08:51 <irl> for now i'm probably ok to maintain the tor browser snap but i'd be happy to hand it off as soon as a person appears to hand it off to
20:08:56 <boklm> I think having some way to install a Tor Browser on a read only partition (for system install) would be nice and allow easier packaging
20:09:05 <irl> boklm: definitely
20:09:29 <boklm> I'm wondering if Tails is doing something like that
20:09:52 <GeKo> irl: okay, how do we proceed?
20:10:19 <irl> the process can happen pretty independently of any release cycle as we can just ship whatever is the latest at the time we do it
20:10:27 <GeKo> should i reply to your mail and point to the applications team and some packaging person we might want?
20:10:30 <irl> mostly i need to coordinate with stephw
20:10:42 <irl> canonical would like to do comms stuff about it
20:10:50 <irl> GeKo: yes, that sounds good
20:10:50 <GeKo> i can imagine
20:11:20 <GeKo> okay. i'll do that tomorrow then or on wed
20:11:29 <irl> excellent (: thanks
20:11:36 <pili> sounds good :)
20:11:45 <GeKo> irl: thanks for picking that up
20:11:58 <GeKo> do we have anything else to discuss for today?
20:12:19 <boklm> later maybe we could look at integrating the snap build into our build process
20:12:49 <GeKo> hm!
20:13:10 <sysrqb> i'm still not sure i understand the benefit of using torbrowser-launcher over just shipping the tarball and extracting it
20:13:15 <sysrqb> but that's okay :)
20:13:30 <pospeselr> sysrqb: same
20:13:36 <GeKo> it gives you a more linuxy experience
20:13:42 <GeKo> about getting stuff from your distro
20:13:49 <GeKo> via apt-get
20:14:12 <GeKo> and not needing to deal with tarballs (and signatures!)
20:14:12 <sysrqb> right, but that's the benefit of the snap, right?
20:14:19 <pospeselr> but why not just have a deb for the latest tor-browser in the apt-get repos?
20:14:25 <sysrqb> i'm not sure why the snap needs to use torbrowser-launcher
20:14:32 <boklm> sysrqb: I think the issue is that snap can only install files read-only, but current tor browser bundles expect the users to have write permission on it
20:14:46 <sysrqb> ahhhh
20:14:57 <sysrqb> that'd make sense
20:14:59 <GeKo> okay folks let me end the meeting and then we can discuss further
20:15:07 <sysrqb> okay :)
20:15:12 <GeKo> sorry for the long meeting, thanks all! *baf*
20:15:15 <GeKo> #endmeeting